IN THE CLAIMS 

Amended claims follow. Insertions are underlined, while deletions are struck out or, where five 
or fewer characters are deleted, enclosed in double brackets. The status of each claim is included 
prior to each heading. 

1. (Currently Amended) A computerized method for automatically configuring a firewall 
operating within an individual computer comprising: 

determining a zone for a network address dynamically assigned to a network adapter in 
the individual computer; and 

associating a security policy for the zone with the network adapter, the security policy 
specifying the firewall configuration to protect the individual computer; 

wherein the security policy is defined by a policy file which includes a policy file data 
structure stored as an XML (extensible markup language) document; 

wherein a security policy section of the policy file data structure includes an entry for 
each security policy that is identified by a policy identifier field and is associated with a network 
protocol that is identified by a protocol identifier field; 

wherein the security policy section specifies filters for at least a portion of ports and 
services defined by the network protocol, and each port and service associated with the security 
policy is identified by an element identifier field, a field containing filter settings, and a log 
indicator field; 

wherein at least one security policy is included for a TCP/IP network and includes a 
PPTP (point-to-point tunneling protocol), a RIP (routing information protocol), a DHCP 
(dynamic host configuration protocol), an ARP (address resolution protocol), an Ident 
(identification protocol), ICMP (internet control message protocol) and VPN (virtual private 
networking) ports, and a NetBIOS (network basic input/output system) service; 

wherein a default setting for a high security policy on the TCP/IP network disallows 
incoming network traffic through the PPTP and ICMP ports, allows incoming network traffic 
through the RIP, DHCP, ARP and VPN ports, disallows access through the NetBIOS service to 
shared resources on the individual computer, and disallows the individual computer from using 
shared resources of other computers on the TCP/IP network, where incoming network traffic that 
attempts to access the individual computer using PPTP and NetBIOS is logged; 



-2- 

PAGE 9/18 * RCVD AT 6/1/2005 12:36:52 PM [Eastern Daylight Time] * SVR:USPTO-EFXRF-1/1 * DNIS:8729306 * CSID:408 971 4660 * DURATION (mm-ss):06-12 

Jun 01 05 09:40a    SVIPG    408 971 4660    p. 10 

wherein a zone section of the policy file data structure includes an entry for each defined 
address zone and includes an identifier field, an address parameters field that defines the zone, 
and an identifier field for the security policy assigned to the zone; 

wherein a default zone is defined by addresses that are outside another zone. 

2. (Original) The computerized method of claim 1 further comprising: 

determining the network address assigned to the network adapter. 

3. (Original) The computerized method of claim 1, wherein the zone is defined by a set of 
network addresses. 

4. (Original) The computerized method of claim 3, wherein the set of network addresses 
comprises at least one address within the zone. 

5. (Previously Presented) The computerized method of claim 3, wherein the set of network 
addresses comprises at least one address outside the zone. 

6. (Original) The computerized method of claim 1 further comprising: 

assigning the security policy to the zone. 

7. (Currently Amended) The computerized method of claim 1 further comprising: 

retrieving [[a]] the policy file that contains definitions for the zone and the security policy 
and specifies that the security policy is assigned to the zone. 

8. (Original) The computerized method of claim 7 further comprising: 

creating the policy file from data input by a user. 

9. (Original) The computerized method of claim 7 further comprising: 

creating the policy file from data input by an administrator. 
10. (Currently Amended) The computerized method of claim 7 further comprising: 

receiving data from a predetermined location on [[a]] the network through the network 
adapter; and 

creating the policy file from the data. 

11. (Currently Amended) A computer-readable medium having computer-executable instructions 
to automatically configure a firewall operating within an individual computer comprising: 

determining a zone for a network address assigned dynamically to a network adapter in 
the individual computer; and 

associating a security policy for the zone with the network adapter, the security policy 
specifying the firewall configuration to protect the individual computer; 

wherein the security policy is defined by a policy file which includes a policy file data 
structure stored as an XML (extensible markup language) document; 

wherein a security policy section of the policy file data structure includes an entry for 
each security policy that is identified by a policy identifier field and is associated with a network 
protocol that is identified by a protocol identifier field; 

wherein the security policy section specifies filters for at least a portion of ports and 
services defined by the network protocol, and each port and service associated with the security 
policy is identified by an element identifier field, a field containing filter settings, and a log 
indicator field; 

wherein at least one security policy is included for a TCP/IP network and includes a 
PPTP (point-to-point tunneling protocol), a RIP (routing information protocol), a DHCP 
(dynamic host configuration protocol), an ARP (address resolution protocol), an Ident 
(identification protocol), ICMP (internet control message protocol) and VPN (virtual private 
networking) ports, and a NetBIOS (network basic input/output system) service; 

wherein a default setting for a high security policy on the TCP/IP network disallows 
incoming network traffic through the PPTP and ICMP ports, allows incoming network traffic 
through the RIP, DHCP, ARP and VPN ports, disallows access through the NetBIOS service to 
shared resources on the individual computer, and disallows the individual computer from using 
shared resources of other computers on the TCP/IP network, where incoming network traffic that 
attempts to access the individual computer using PPTP and NetBIOS is logged; 

wherein a zone section of the policy file data structure includes an entry for each defined 
address zone and includes an identifier field, an address parameters field that defines the zone, 
and an identifier field for the security policy assigned to the zone; 

wherein a default zone is defined by addresses that are outside another zone. 

12. (Original) The computer-readable medium of claim 11 having further computer-readable 
instructions comprising: 

determining the network address assigned to the network adapter. 

13. (Original) The computer-readable medium of claim 11 having further computer-readable 
instructions comprising: 

assigning the security policy to the zone. 

14. (Currently Amended) The computer-readable medium of claim 11 having further computer-readable 
instructions comprising: 

retrieving [[a]] the policy file that contains definitions for the zone and the security policy 
and specifies that the security policy is assigned to the zone. 

15. (Original) The computer-readable medium of claim 14 having further computer-readable 
instructions comprising: 

creating the policy file from data input by a user. 

16. (Original) The computer-readable medium of claim 14 having further computer-readable 
instructions comprising: 

creating the policy file from data input by an administrator. 

17. (Currently Amended) The computer-readable medium of claim 14 having further computer-readable 
instructions comprising: 

receiving data from a predetermined location on [[a]] the network through the network 
adapter; and 

creating the policy file from the data. 
18. (Original) The computer-readable medium of claim 11 having further computer-readable 
instructions comprising: 

defining the zone based on a set of network addresses. 

19. (Original) The computer-readable medium of claim 18 having further computer-readable 
instructions comprising: 

including at least one address within the zone in the set of network addresses. 

20. (Original) The computer-readable medium of claim 18 having further computer-readable 
instructions comprising: 

including at least one address outside the zone in the set of network addresses. 

21. (Currently Amended) A computerized system comprising: 

a processing unit; 

a memory coupled to the processing unit through a bus; 

a network adapter coupled to the processing unit through the bus and further operable for 
coupling to a network; 

a firewall process executed from the memory by the processing unit to protect the 
computerized system when the network adapter is coupled to a network by causing the 
processing unit to filter data addressed to the network adapter according to a security policy; and 

a firewall configuration process executed from the memory by the processing unit to 
cause the processing unit to determine a zone for a network address dynamically assigned to the 
network adapter and to associate a firewall security policy for the zone with the network adapter; 

wherein the security policy is defined by a policy file which includes a policy file data 
structure stored as an XML (extensible markup language) document; 

wherein a security policy section of the policy file data structure includes an entry for 
each security policy that is identified by a policy identifier field and is associated with a network 
protocol that is identified by a protocol identifier field; 

wherein the security policy section specifies filters for at least a portion of ports and 
services defined by the network protocol, and each port and service associated with the security 
policy is identified by an element identifier field, a field containing filter settings, and a log 
indicator field; 

wherein at least one security policy is included for a TCP/IP network and includes a 
PPTP (point-to-point tunneling protocol), a RIP (routing information protocol), a DHCP 
(dynamic host configuration protocol), an ARP (address resolution protocol), an Ident 
(identification protocol), ICMP (internet control message protocol) and VPN (virtual private 
networking) ports, and a NetBIOS (network basic input/output system) service; 

wherein a default setting for a high security policy on the TCP/IP network disallows 
incoming network traffic through the PPTP and ICMP ports, allows incoming network traffic 
through the RIP, DHCP, ARP and VPN ports, disallows access through the NetBIOS service to 
shared resources on the individual computer, and disallows the individual computer from using 
shared resources of other computers on the TCP/IP network, where incoming network traffic that 
attempts to access the individual computer using PPTP and NetBIOS is logged; 

wherein a zone section of the policy file data structure includes an entry for each defined 
address zone and includes an identifier field, an address parameters field that defines the zone, 
and an identifier field for the security policy assigned to the zone; 

wherein a default zone is defined by addresses that are outside another zone. 

22. (Cancelled) 

23. (Original) The computerized system of claim 21 wherein the firewall configuration process is 
executed by the processing unit when the network address for the network adapter changes. 

24. (Original) The computerized system of claim 21 wherein the firewall configuration process 
further causes the processing unit to determine the network address of the network adapter. 

25. (Previously Presented) The computerized system of claim 21 wherein the firewall 
configuration process further causes the processing unit to define the zone based on a set of 
network addresses. 
26. (Original) The computerized system of claim 25, wherein the set of network addresses 
comprises at least one address within the zone. 

27. (Original) The computerized system of claim 25, wherein the set of network addresses 
comprises at least one address outside the zone. 

28. (Previously Presented) The computerized system of claim 21, wherein the firewall 
configuration process further causes the processing unit to assign the security policy to the zone. 

29. (Currently Amended) The computerized system of claim 21, wherein the firewall 
configuration process further causes the processing unit to retrieve [[a]] the policy file that contains 
definitions for the zone and the security policy and specifies that the security policy is assigned 
to the zone. 

30. (Previously Presented) The computerized system of claim 29, wherein the firewall 
configuration process further causes the processing unit to receive data from a user and to create 
the policy file from the data. 

31. (Previously Presented) The computerized system of claim 29, wherein the firewall 
configuration process further causes the processing unit to receive data from an administrator 
and to create the policy file from the data. 

32. (Currently Amended) The computerized system of claim 29, wherein the firewall 
configuration process further causes the processing unit to receive data from a predetermined 
location on [[a]] the network through the network adapter and to create the policy file from the data. 

33-40. (Cancelled) 
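The following Python program is an added illustration, not code from the application or its applicant, of a policy file laid out with the sections and fields recited in claims 1, 11 and 21 (a security policy section whose entries carry a policy identifier, a protocol identifier and, per port or service, an element identifier, filter settings and a log indicator; a zone section whose entries carry a zone identifier, address parameters and the identifier of the assigned policy; a default zone made up of the addresses outside every other zone) and of the two recited steps, determining the zone of a dynamically assigned adapter address and associating the zone's security policy with the adapter. The XML element and attribute names (`policyFile`, `securityPolicies`, `policy`, `element`, `zone`, `include`, `exclude`, `incoming`, `outgoing`, `log`, `default`) are assumptions of this example; the claims name the fields but recite no schema. The sample policy file is constructed: its high policy follows the recited default settings, while the outgoing settings of ports other than NetBIOS, the second (trusted) policy, the excluded subnet (claim 5's address outside the zone), the fail-closed handling of unlisted ports and the rejection of overlapping zones are choices of this example.

```python
import ipaddress
import xml.etree.ElementTree as ET
from dataclasses import dataclass

# Constructed sample policy file (not the patent's schema). Element and attribute
# names are assumptions of this example. Outgoing settings for everything except
# NetBIOS are also assumed; the claims fix only the incoming behaviour and the
# NetBIOS sharing behaviour of the high policy.
SAMPLE_POLICY_XML = """\
<policyFile>
  <securityPolicies>
    <policy id="high" protocol="TCP/IP">
      <element id="PPTP"    incoming="deny"  outgoing="allow" log="yes"/>
      <element id="ICMP"    incoming="deny"  outgoing="allow" log="no"/>
      <element id="RIP"     incoming="allow" outgoing="allow" log="no"/>
      <element id="DHCP"    incoming="allow" outgoing="allow" log="no"/>
      <element id="ARP"     incoming="allow" outgoing="allow" log="no"/>
      <element id="VPN"     incoming="allow" outgoing="allow" log="no"/>
      <element id="NetBIOS" incoming="deny"  outgoing="deny"  log="yes"/>
    </policy>
    <policy id="trusted" protocol="TCP/IP">
      <element id="NetBIOS" incoming="allow" outgoing="allow" log="no"/>
    </policy>
  </securityPolicies>
  <zones>
    <zone id="corp-lan" policy="trusted">
      <include>10.20.0.0/16</include>
      <exclude>10.20.99.0/24</exclude>
    </zone>
    <zone id="default" policy="high" default="true"/>
  </zones>
</policyFile>
"""

@dataclass(frozen=True)
class Filter:
    incoming: bool  # True: incoming traffic on this port/service is allowed
    outgoing: bool  # True: outgoing traffic on this port/service is allowed
    log: bool       # the log indicator field

@dataclass
class SecurityPolicy:
    policy_id: str
    protocol: str
    elements: dict  # element identifier -> Filter

@dataclass
class Zone:
    zone_id: str
    policy_id: str
    includes: list  # address parameters: networks inside the zone
    excludes: list  # address parameters: networks carved out of the zone
    is_default: bool

    def contains(self, ip):
        # The default zone has no address parameters of its own; it is the set of
        # addresses outside every other zone and is resolved in zone_for_address.
        if self.is_default:
            return False
        return any(ip in n for n in self.includes) and not any(ip in n for n in self.excludes)

@dataclass
class PolicyFile:
    policies: dict  # policy identifier -> SecurityPolicy
    zones: list

def _flag(elem, name):
    value = elem.get(name)
    if value not in ("allow", "deny"):  # refuse ambiguous filter settings rather than guess
        raise ValueError(f"element {elem.get('id')!r}: {name} must be allow|deny")
    return value == "allow"

def load_policy_file(xml_text):
    """Parse the policy file and check that every zone names a defined policy."""
    root = ET.fromstring(xml_text)
    policies = {}
    for p in root.iter("policy"):
        elements = {e.get("id"): Filter(_flag(e, "incoming"), _flag(e, "outgoing"),
                                        e.get("log") == "yes")
                    for e in p.findall("element")}
        policies[p.get("id")] = SecurityPolicy(p.get("id"), p.get("protocol"), elements)
    zones = []
    for z in root.iter("zone"):
        if z.get("policy") not in policies:
            raise ValueError(f"zone {z.get('id')!r} assigns unknown policy {z.get('policy')!r}")
        zones.append(Zone(z.get("id"), z.get("policy"),
                          [ipaddress.ip_network(n.text.strip()) for n in z.findall("include")],
                          [ipaddress.ip_network(n.text.strip()) for n in z.findall("exclude")],
                          z.get("default") == "true"))
    if sum(z.is_default for z in zones) != 1:
        raise ValueError("policy file must define exactly one default zone")
    return PolicyFile(policies, zones)

def zone_for_address(pf, address):
    """Determine the zone of a (dynamically assigned) adapter address."""
    ip = ipaddress.ip_address(address)
    matches = [z for z in pf.zones if z.contains(ip)]
    if len(matches) > 1:  # assumption of this example: overlapping zones are a configuration error
        raise ValueError(f"{address} lies in several zones: {[z.zone_id for z in matches]}")
    return matches[0] if matches else next(z for z in pf.zones if z.is_default)

def policy_for_adapter(pf, address):
    """Associate the zone's security policy with the adapter holding this address."""
    return pf.policies[zone_for_address(pf, address).policy_id]

def decide(policy, element_id, incoming=True):
    """Return (allowed, logged) for traffic on one port or service.

    A port/service the policy does not list is denied and logged (fail closed;
    an assumption of this example, not something the claims specify).
    """
    f = policy.elements.get(element_id)
    if f is None:
        return (False, True)
    return ((f.incoming if incoming else f.outgoing), f.log)

if __name__ == "__main__":
    pf = load_policy_file(SAMPLE_POLICY_XML)
    for addr in ("10.20.5.7", "10.20.99.3", "198.51.100.9"):
        zone = zone_for_address(pf, addr)
        print(addr, "->", zone.zone_id, "/", zone.policy_id,
              "NetBIOS incoming:", decide(pf.policies[zone.policy_id], "NetBIOS"))
```

Where the data for the policy file is received from a location on the network (claims 10, 17 and 32), it should be authenticated before it is parsed, and the standard library documentation for xml.etree cautions against parsing untrusted XML with it; defusedxml is the usual substitute.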